General

  • Target: 89961de645afe5c55dc9eeeb1394cc92d987a63b52820c05be9bd314f0e1aff0
  • Size: 1.3MB
  • Sample: 230114-wsbrqabe67
  • MD5: a3e3e40906d85e69d562ef463b8b35ac
  • SHA1: d8a276ebafa07478c543885e22d23feb82942324
  • SHA256: 648efce8340aabf00a3cdfa1c6ae661da837cc6e6af304c2a74c93c63f74d3fa
  • SHA512: deb72490ad8eb89bc0f4024cd2ebd52fb4a1984c789b871fd0ecd72fc72f07128315eec32e58da8ca197899af8026fe38ce21a25bf410bfbdb525ee4f2027aa0
  • SSDEEP: 24576:ZiEXTfG0C/g1nTukxBO/yU9sMs5+T/5ehuW29UC6l:ZiEXTOtKnTJuyU85+T5ehu5iC6l

Malware Config

Extracted

  • Family: gcleaner
  • C2:
    45.139.105.171
    85.31.46.167
    107.182.129.235
    171.22.30.106

Targets

    • Target: 89961de645afe5c55dc9eeeb1394cc92d987a63b52820c05be9bd314f0e1aff0
    • Size: 1.5MB
    • MD5: ca048aecf3863405e9cc73b663ea2c9c
    • SHA1: 4afbe34921aa6a088f12b9a82356def3b230168d
    • SHA256: 89961de645afe5c55dc9eeeb1394cc92d987a63b52820c05be9bd314f0e1aff0
    • SHA512: 7069400fdb2ba7b875407e0b8bcb5ceef974299147ca986a099a81fefccbb940534f17211ad4641b994abba3fb52816100b2b55591538b613b9f7662d2700df8
    • SSDEEP: 24576:r20h5REdBGY0vgBnT4WlBu/uUfCMgD8f/Heh4vOhwCbr:r2wWdQ9mnTHOuUUD83Heh4m6Cbr

    • GCleaner
      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Executes dropped EXE

    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks